Setup Watchguard SSL100 VPN with SMS authentication

This article explains how to setup a Watchguard SSL 100 SSL VPN with SMS authentication. This is a simple way to implement “two  factor” authentication. To logon users must have a username, password (e.g. from active directory) and a the passcode that is texted to their phone.

In order to use SMS you will need to have an account with an SMS gateway. It’s important you choose a reliable SMS gateway provider to ensure instant delivery of the SMS. I currently recommend Clickatell.

Scope

  • It is assume that the SSL100 has already been setup with an IP address and is published on the internet.
  • The SSL100 in the below example has already been published on the internet and configured to sync with an active directory server.
  • It is recommended to make sure the SSL100 is running the latest firmware.

Step1 – Clickatell Signup

Click on the below banner to sign up for an account with clickatell.

    Click here to go to Clickatell

  • You will need to create an account and buy credits for the “central API” product.
  • Once logged in go to “manage my products” and select “get connections”. Create a HTTP/S connection

Set the options as shown below. Note the 7 digit API ID. You will need this later.

Step 2 – SSL100 Setup SMS Channel

Logon to the SSL100 and go to the below screen.

Click on add SMS Channel

Select HTTP plugin and click next.

Fill out the below fields:-

Edit the mobile number and response parsing fields if required (usually you don’t need to edit these) and select finish.

Step 3- Enable Watchguard SSL Authentication

Ensure this is configured as shown below:

Step 4 – User Account Properties

For each user who is using the SSL100 SMS service:

On the “general settings” tab make sure that the users phone number is specified in their user account.

On the “Watchguard authentication” tab set as below:

Note in the above example the SSL100 is configured to get password info from an external directory service – i.e. Active Directory.

Finally don’t forget to save and publish!

Leave a Reply

Your email address will not be published. Required fields are marked *